因为该变种病毒不但要攻击RPC漏洞，还会将自身复制到%system%\\Wins文件夹下，创建FTP服务和Wins Client服务。其中FTP服务开启系统的FTP功能用于传播病毒。“冲击波杀手”感染一台机器后就会使用Ping命令或ICMP echo方式探测随机产生的IP地址是否有效，如果有效便开始进行攻击。该病毒会在受感染的系统中随机使用666-765端口与攻击系统进行连接。该病毒还会检查系统版本和微软补丁包的版本号，然后根据不同的操作系统尝试从微软下载有关RPC漏洞的补丁程序，并自动运行补丁程序，给系统打上RPC漏洞的补丁。 该病毒发作后会开启上百个线程、在PING到有效的IP地址之后就会向该IP发起攻击并传播，所以该病毒传播更有效，速度更快，而且一发作便会消耗尽所有的CPU资源从而导致机器运行缓慢直至系统瘫痪。总之“冲击波杀手”给用户造成的危害将是“冲击波”的几倍。不过升级了系统以及修补了RPC漏洞的用户不会再被该病毒感染。-because the variant virus not only to attack RPC vulnerability, but also copies itself into% system% \\ Wins folder, FTP services and the creation Wins Client services. FTP services which opened the FTP function for the transmission of the virus. "Shock killer" an infected machine will be used after the Ping orders or ICMP echo mode detection randomly generated IP address whether and, if they start to attack. The virus in infected systems use random ports 666-765 and attack systems for the connection. The virus will also inspect system version and Microsoft patch version, then under different operating systems to try to download the Microsoft RPC vulnerability patches, and automatically patch to the RPC loopholes permitting system patches. The virus attacks will be opened after hu